US20030053629A1 - USB authentication interface - Google Patents
USB authentication interface Download PDFInfo
- Publication number
- US20030053629A1 US20030053629A1 US09/952,924 US95292401A US2003053629A1 US 20030053629 A1 US20030053629 A1 US 20030053629A1 US 95292401 A US95292401 A US 95292401A US 2003053629 A1 US2003053629 A1 US 2003053629A1
- Authority
- US
- United States
- Prior art keywords
- key
- session key
- content material
- sequence number
- encrypted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/12—Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
- H04L9/0844—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/24—Key scheduling, i.e. generating round keys or sub-keys for block encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
Definitions
- This invention relates to the field of computing systems, and in particular to computing systems that utilize a cryptographic protocol for communicating protected content material via a Universal Serial Bus (USB).
- USB Universal Serial Bus
- a number of standards have been adopted or proposed for encrypting copyright content material, or security items such as tickets that are associated with access to the copyright content material, each time the material is transferred from one device to another.
- a “compliant” CD-recorder creates a CD that contains a copy of copy-protected material
- the recording will be cryptographically protected so that only a “compliant” CD-player will be able to render the material.
- “Compliant” devices are devices that enforce the adopted standard. If the original copy-protected content material has a “copy-once” copy limitation, the compliant CD-recorder will cryptographically mark the copy of this original with a “copy-never” notation.
- a compliant CD-recorder will recognize this “copy-never” notation and will not create a copy of this copy. If the material is copied by a non-compliant recorder, it will not contain the appropriate cryptographic item, and a compliant recorder or playback device will not record or render this copied material.
- Compliant devices operate in cooperation with each other to prevent unauthorized access to protected content material using a variety of security techniques.
- the security techniques are provided to overcome the various schemes used to gain unauthorized access.
- One technique commonly employed is to encrypt the protected material using a different encryption key each time the material is communicated from one device to another. This unique key is termed the “session” key.
- This unique-session-key technique requires that the session-key be communicated between the devices, and a secure means is required to transmit this session key.
- the transmitting device transmits an encrypted parameter or set of parameters that the receiving device can use to determine the session key.
- This encryption of the parameter is based on a public-key, of a public-private-key-pair that is associated with the receiving device.
- the receiving device uses the private-key of the public-private-key-pair to decrypt the parameter to generate the session key.
- the public-private-key-pair is provided to each compliant device by a “trusted authority”.
- the receiving device communicates the public key to the transmitting device over a public channel, without fear of a compromise of security, because the public key's sole function is to encrypt material for communication to the receiving device; it does not provide any useful information for decrypting material.
- the transmitting device determines when each new session key will take effect, and transmits this scheduled new-key-start-time to the receiving device.
- the transmitting device also transmits a prepare-new-key command to the receiving device, to provide a sufficient lead-time for the receiving device to calculate the new session key.
- Each new key is created using a hash function of a counter index and a set of keys that are determined during an initial key exchange session between the transmitting device and the receiving device.
- the counter index is incremented at each scheduled new-key-start-time, producing the new session key.
- FIG. 1 illustrates an example block diagram of an encryption system in accordance with this invention.
- FIG. 2 illustrates an example block diagram of a decryption system in accordance with this invention.
- FIG. 3 illustrates an example flow diagram of an encryption system in accordance with this invention.
- FIG. 1 illustrates an example block diagram of an encryption system 100 in accordance with this invention.
- the example encryption system 100 is illustrated as having a Universal Serial Bus (USB) transmitter 170 for communicating encrypted content material 191 to a decryption system ( 200 in FIG. 2), although, in view of this disclosure, one of ordinary skill in the art will recognize that the principles presented herein are applicable to other communication protocols as well.
- USB Universal Serial Bus
- the encryption system 100 is termed the “host” 100
- the decryption system 200 is termed the “device” 200 .
- the host 100 is configured to encrypt content material 180 , via an encrypter 190 that receives an encryption key from a key selector 150 .
- the encryption key is referred to in FIG. 1 as a “scheduled key” 151 , because, in accordance with this invention, the encryption key that is used to encrypt the content material 180 changes at discrete scheduled times. By changing the key that is used to encrypt the content material, the compromise of one of these keys will have a minimal effect on the security of the content material.
- a new-key scheduler 110 is configured to trigger 112 the generation of a new key 141 , and to determine the time 111 at which this new key will be utilized as the scheduled key 151 for encrypting the content material 180 at the encrypter 190 .
- One of the difficulties with providing a scheduled time 111 for effecting an action at both the host 100 and the device 200 is the requirement that both systems 100 , 200 are synchronized to the same time-base.
- the time-base is selected as an information item that is communicated from the host 100 to the device 200 .
- the time-base is defined as the “Frame number” of the communicated USB frame.
- the USB frame number establishes a time reference for all devices on the bus, and is communicated from the host to all devices on the bus every millisecond.
- the USB frame number consists of an 11-bit number that is contained in the transmitted frame that is incremented each millisecond.
- similar time or sequence reference items may be utilized to establish a synchronization between the encryption system 100 and decryption system 200 . Note that this common base need not be “time” based. In an asynchronous communication system, the base could be a packet number associated with each communicated packet, a block number associated with each block of data comprising the content material 180 , or each block of encrypted data comprising the encrypted content material 191 , and so on.
- a key generator 140 corresponds to a modified Needham-Schroeder key generation device.
- the key generator 140 uses the USB transmitter 170 to exchange random keys with the device 200 , using a conventional Needham-Schroeder key exchange algorithm.
- Alternative key exchange techniques may be employed as well.
- FIG. 3 illustrates an example flow diagram for a key exchange and subsequent encryption of content material using changing keys in accordance with this invention.
- the host ( 100 ) encrypts a host-random-number 312 and a host-random-key 313 using a device-public-key 311 that corresponds to a device-private-key 411 of a public-private (P-p) key pair associated with the device 200 .
- the device 200 receives this encrypted host-random-number 312 and host-random-key 313 and decrypts them, at 410 , using the device-private-key 411 .
- the device 200 then encrypts, at 420 , a device-random-number 422 , a device-random-key 423 , and the decrypted host-random-number 312 ′ using a host-public-key 421 that corresponds to a host-private-key 321 of a public-private key pair associated with the host 100 , and communicates it to the host 100 .
- the host 100 decrypts the device-random-number 422 , the device-random-key 423 , and the re-encrypted host-random-number 312 ′, using the host-private-key 321 .
- the host 100 By comparing the host-random-number 312 that was transmitted with the decrypted host-random-number 312 ′′ that was received from the device 200 , the host 100 is able to verify that the intended device is the device with which it is communicating. In like manner, the host 100 communicates the decrypted device-random-number 422 ′ to the device 200 , so that the device 200 can verify that the transmitting system is the host that corresponds to the host-public-key 421 .
- This exchange of random-numbers 312 , 422 precludes a replay attack, wherein an imitation host or device merely replays one end of a recorded prior key exchange.
- the aforementioned public-private key pairs are issued and certified by a “trusted authority”. That is, to prevent a non-compliant device from imitating a compliant device, the compliant device 200 sends its public key 311 to the host 100 along with a “certification” of the public key 311 by the trusted authority that issued the keys to the compliant device 200 .
- the certification is an encryption that is based on a private-key of the trusted authority.
- the host decrypts the encryption based on the public-key of the trusted authority, and verifies that it corresponds to the provided public-key 311 of the receiving device 200 .
- the host 100 communicates its public key 421 to the device 200 along with a certification from the trusted authority for verification by the host 100 . Also in a preferred embodiment, both the host 100 and device 200 have access to lists of revoked device or host keys.
- each system 100 , 200 has knowledge of one or more secure keys.
- the secure “keys” may be key-parameters that are used to generate the keys that are actually used within the cryptographic modules; for ease of reference, the term “key” is used herein to include such key-parameters.
- each system 100 , 200 has knowledge of the host-random-key 313 or 313 ′ and the device-random-key 423 or 423 ′, and an eavesdropper to the key exchange will not have this knowledge.
- the new key scheduler 110 of FIG. 1 is configured to trigger 112 the generation of new keys as the content material 180 is being encrypted.
- each new key is created by hashing, at 350 and 450 of FIG. 3, a changing index 341 , 351 with the one or more secure keys 313 , 313 ′, 423 , 423 ′ that were obtained via an original key exchange.
- the hashing function 350 , 450 in a preferred embodiment is cryptographically robust, in that the amount of time required to “un-hash” the factors used to produce the hash value is substantially greater than the time required to produce the hash value from the given factors.
- a knowledge of the index 341 , 351 does not provide an advantage in trying to deduce a new hash key value from a prior hash key value.
- a preferred embodiment of this invention utilizes a simple increment, or counting, function, to facilitate a new-key generation having minimal overhead.
- the new-key scheduler 110 triggers a counter 130 that provides a count value to the key generator 140 as the aforementioned index 341 that is hashed with one or more secure keys, and optionally other keys known to both the host and device, to produce the new-key 141 .
- This new-key 141 is used to encrypt the next-key-start parameter 111 for transmission to the device 200 , via the USB transmitter 170 .
- this encryption via the encrypter 120 , provides an added level of security.
- the next-key-start parameter 111 may be communicated in the clear, or secured by the prior key, and so on.
- next-key-start parameter 111 is sufficiently far in the future to allow the device 200 to compute a corresponding new-key ( 241 in FIG. 2) before the encrypted content 191 that is encrypted with this new-key 141 is received by the device 200 .
- the communication of the next-key-start parameter 111 from the host 100 to the receiver 200 constitutes the synchronization 345 between the index generators 340 , 440 of FIG. 3.
- the encrypted next-key-start 121 is received by the USB receiver 270 and provided to a decrypter 220 .
- the decrypter 220 generates a trigger signal 221 upon receipt of the encrypted next-key-start 121 , to trigger the production of a new key 251 by the key generator 240 .
- the host 100 transmits a “prepare-next-key” command, before it transmits the encrypted next-key start 121 , to cause the trigger signal 221 , thereby providing additional preparation time for the device 200 to generate the new-key 251 .
- the device 200 includes a similar counter 230 and key generator 240 as in the host 100 to generate the same new-key as in the host 100 ( 351 , 451 in FIG. 3) based on a hash of the secure keys and the index ( 441 in FIG. 3) provided by the counter 230 .
- the USB protocol allows for an isosynchronous communication mode, wherein the application using this mode is assured a minimal bandwidth.
- the scheduled next-key-start 111 corresponds to a future frame sequence number.
- the sequence controller 160 and key selector 150 are configured to provide the new-key 141 as the scheduled key 151 such that the encrypted content 191 that is encoded by the prior key is completely transmitted before the scheduled frame number, and the encrypted content 191 that is encrypted by this new-key 141 is transmitted by the USB transmitter 170 at or after the scheduled frame number.
- the decrypter 220 in the device 200 provides this next-key-start parameter 111 ′ to the key selector 250 .
- the USB receiver 270 communicates each frame sequence number 271 to the key selector 250 .
- the key selector 250 When the sequence number 271 equals or exceeds the next-key-start parameter 111 ′, the key selector 250 provides the new-key 251 as the scheduled key 151 ′.
- the decrypter 290 decrypts the encrypted content material 191 based on the scheduled key 151 ′ to produce the decrypted content material 180 ′, corresponding (if the secure keys correspond) to the transmitted content material 180 .
- the host 100 and device 200 can be configured to utilize a new key with each USB frame, or at a predetermined interval of USB frames, obviating the need to communicate a next-key start parameter 111 from the host 100 to the device 200 .
- the USB frame number 161 can be utilized directly as the index 341 , 441 that is hashed with the secure keys to produce the new-key 141 , 241 .
Abstract
A sequence of transmissions is encrypted as a set of sub-sequences, each sub-sequence having a different session key. The transmitting device determines when each new session key will take effect, and transmits this scheduled new-key-start-time to the receiving device. In a preferred embodiment, the transmitting device also transmits a prepare-new-key command to the receiving device, to provide a sufficient lead-time for the receiving device to calculate the new session key. Each new key is created using a hash function of a counter index and a set of keys that are determined during an initial key exchange session between the transmitting device and the receiving device. The counter index is incremented at each scheduled new-key-start-time, producing the new session key.
Description
- 1. Field of the Invention
- This invention relates to the field of computing systems, and in particular to computing systems that utilize a cryptographic protocol for communicating protected content material via a Universal Serial Bus (USB).
- 2. Description of Related Art
- The use of cryptography for encoding electronic content material continues to increase. In the entertainment field, digital audio and video recordings are encrypted to protect the material from unauthorized copying. In the communications field, documents are encrypted to prevent unauthorized viewing, and encrypted certificates are used to verify the authenticity of a document.
- A number of standards have been adopted or proposed for encrypting copyright content material, or security items such as tickets that are associated with access to the copyright content material, each time the material is transferred from one device to another. For example, when a “compliant” CD-recorder creates a CD that contains a copy of copy-protected material, the recording will be cryptographically protected so that only a “compliant” CD-player will be able to render the material. “Compliant” devices are devices that enforce the adopted standard. If the original copy-protected content material has a “copy-once” copy limitation, the compliant CD-recorder will cryptographically mark the copy of this original with a “copy-never” notation. A compliant CD-recorder will recognize this “copy-never” notation and will not create a copy of this copy. If the material is copied by a non-compliant recorder, it will not contain the appropriate cryptographic item, and a compliant recorder or playback device will not record or render this copied material.
- Compliant devices operate in cooperation with each other to prevent unauthorized access to protected content material using a variety of security techniques. The security techniques are provided to overcome the various schemes used to gain unauthorized access. One technique commonly employed is to encrypt the protected material using a different encryption key each time the material is communicated from one device to another. This unique key is termed the “session” key. This unique-session-key technique, however, requires that the session-key be communicated between the devices, and a secure means is required to transmit this session key. Typically, the transmitting device transmits an encrypted parameter or set of parameters that the receiving device can use to determine the session key. This encryption of the parameter is based on a public-key, of a public-private-key-pair that is associated with the receiving device. The receiving device uses the private-key of the public-private-key-pair to decrypt the parameter to generate the session key. Typically, the public-private-key-pair is provided to each compliant device by a “trusted authority”. The receiving device communicates the public key to the transmitting device over a public channel, without fear of a compromise of security, because the public key's sole function is to encrypt material for communication to the receiving device; it does not provide any useful information for decrypting material.
- Despite these security measures, a variety of illicit attacks are commonly known than can be used to defeat these security measures. A number of these attacks often involve “replay” scenarios, wherein the attacker records prior communications between compliant devices and replays the communications to one or both of the compliant devices at a later session to convince one or both of the devices that the attacker's device is an authorized compliant device. Although techniques and protocols are available to defeat replay attacks, such as the Needham-Schroeder protocol, these protocols remain vulnerable to a compromise of the session key.
- It is an object of this invention to provide a secure means for transferring content material from one device to another. It is a further object of this invention to provide a secure means of transferring content material that provides protection against a compromise of the session key.
- These objects and others are achieved by encrypting a sequence of transmissions as a set of sub-sequences, each sub-sequence having a different session key. The transmitting device determines when each new session key will take effect, and transmits this scheduled new-key-start-time to the receiving device. In a preferred embodiment, the transmitting device also transmits a prepare-new-key command to the receiving device, to provide a sufficient lead-time for the receiving device to calculate the new session key. Each new key is created using a hash function of a counter index and a set of keys that are determined during an initial key exchange session between the transmitting device and the receiving device. The counter index is incremented at each scheduled new-key-start-time, producing the new session key.
- The invention is explained in further detail, and by way of example, with reference to the accompanying drawings wherein:
- FIG. 1 illustrates an example block diagram of an encryption system in accordance with this invention.
- FIG. 2 illustrates an example block diagram of a decryption system in accordance with this invention.
- FIG. 3 illustrates an example flow diagram of an encryption system in accordance with this invention.
- Throughout the drawings, the same reference numerals indicate similar or corresponding features or functions.
- FIG. 1 illustrates an example block diagram of an
encryption system 100 in accordance with this invention. Theexample encryption system 100 is illustrated as having a Universal Serial Bus (USB)transmitter 170 for communicatingencrypted content material 191 to a decryption system (200 in FIG. 2), although, in view of this disclosure, one of ordinary skill in the art will recognize that the principles presented herein are applicable to other communication protocols as well. For ease of reference, and consistent with the USB protocol terminology, theencryption system 100 is termed the “host” 100, and thedecryption system 200 is termed the “device” 200. - The
host 100 is configured to encryptcontent material 180, via anencrypter 190 that receives an encryption key from akey selector 150. The encryption key is referred to in FIG. 1 as a “scheduled key” 151, because, in accordance with this invention, the encryption key that is used to encrypt thecontent material 180 changes at discrete scheduled times. By changing the key that is used to encrypt the content material, the compromise of one of these keys will have a minimal effect on the security of the content material. - A new-
key scheduler 110 is configured to trigger 112 the generation of anew key 141, and to determine thetime 111 at which this new key will be utilized as the scheduledkey 151 for encrypting thecontent material 180 at theencrypter 190. One of the difficulties with providing a scheduledtime 111 for effecting an action at both thehost 100 and thedevice 200, however, is the requirement that bothsystems host 100 to thedevice 200. In the context of the illustrated USB protocol embodiment, the time-base is defined as the “Frame number” of the communicated USB frame. The USB frame number establishes a time reference for all devices on the bus, and is communicated from the host to all devices on the bus every millisecond. The USB frame number consists of an 11-bit number that is contained in the transmitted frame that is incremented each millisecond. In the context of other protocols, similar time or sequence reference items may be utilized to establish a synchronization between theencryption system 100 anddecryption system 200. Note that this common base need not be “time” based. In an asynchronous communication system, the base could be a packet number associated with each communicated packet, a block number associated with each block of data comprising thecontent material 180, or each block of encrypted data comprising theencrypted content material 191, and so on. - In a preferred embodiment, a
key generator 140 corresponds to a modified Needham-Schroeder key generation device. Not illustrated, thekey generator 140 uses theUSB transmitter 170 to exchange random keys with thedevice 200, using a conventional Needham-Schroeder key exchange algorithm. Alternative key exchange techniques may be employed as well. - FIG. 3 illustrates an example flow diagram for a key exchange and subsequent encryption of content material using changing keys in accordance with this invention. At310, the host (100) encrypts a host-random-
number 312 and a host-random-key 313 using a device-public-key 311 that corresponds to a device-private-key 411 of a public-private (P-p) key pair associated with thedevice 200. Thedevice 200 receives this encrypted host-random-number 312 and host-random-key 313 and decrypts them, at 410, using the device-private-key 411. Thedevice 200 then encrypts, at 420, a device-random-number 422, a device-random-key 423, and the decrypted host-random-number 312′ using a host-public-key 421 that corresponds to a host-private-key 321 of a public-private key pair associated with thehost 100, and communicates it to thehost 100. Thehost 100 decrypts the device-random-number 422, the device-random-key 423, and the re-encrypted host-random-number 312′, using the host-private-key 321. By comparing the host-random-number 312 that was transmitted with the decrypted host-random-number 312″ that was received from thedevice 200, thehost 100 is able to verify that the intended device is the device with which it is communicating. In like manner, thehost 100 communicates the decrypted device-random-number 422′ to thedevice 200, so that thedevice 200 can verify that the transmitting system is the host that corresponds to the host-public-key 421. This exchange of random-numbers - As is common in the art, but not illustrated, the aforementioned public-private key pairs are issued and certified by a “trusted authority”. That is, to prevent a non-compliant device from imitating a compliant device, the
compliant device 200 sends itspublic key 311 to thehost 100 along with a “certification” of thepublic key 311 by the trusted authority that issued the keys to thecompliant device 200. The certification is an encryption that is based on a private-key of the trusted authority. The host decrypts the encryption based on the public-key of the trusted authority, and verifies that it corresponds to the provided public-key 311 of the receivingdevice 200. In like manner, thehost 100 communicates itspublic key 421 to thedevice 200 along with a certification from the trusted authority for verification by thehost 100. Also in a preferred embodiment, both thehost 100 anddevice 200 have access to lists of revoked device or host keys. - At the completion of a key exchange, each
system system key key key scheduler 110 of FIG. 1 is configured to trigger 112 the generation of new keys as thecontent material 180 is being encrypted. Although a new key-exchange session 310-410-320-420-330-430, detailed above, could be initiated upon receipt of eachtrigger 112 from the newkey scheduler 110, such an approach would incur a significant amount of overhead with each new-key generation. In a preferred embodiment, each new key is created by hashing, at 350 and 450 of FIG. 3, a changingindex secure keys hashing function index index - As illustrated in FIG. 1, the new-
key scheduler 110 triggers acounter 130 that provides a count value to thekey generator 140 as theaforementioned index 341 that is hashed with one or more secure keys, and optionally other keys known to both the host and device, to produce the new-key 141. This new-key 141 is used to encrypt the next-key-start parameter 111 for transmission to thedevice 200, via theUSB transmitter 170. As would be evident to one of ordinary skill in the art, this encryption, via theencrypter 120, provides an added level of security. Alternatively, albeit less secure, the next-key-start parameter 111 may be communicated in the clear, or secured by the prior key, and so on. In a preferred embodiment, the next-key-start parameter 111 is sufficiently far in the future to allow thedevice 200 to compute a corresponding new-key (241 in FIG. 2) before theencrypted content 191 that is encrypted with this new-key 141 is received by thedevice 200. The communication of the next-key-start parameter 111 from thehost 100 to thereceiver 200 constitutes thesynchronization 345 between theindex generators - As illustrated in FIG. 2, the encrypted next-key-
start 121 is received by theUSB receiver 270 and provided to adecrypter 220. Thedecrypter 220 generates atrigger signal 221 upon receipt of the encrypted next-key-start 121, to trigger the production of anew key 251 by thekey generator 240. Alternatively, in a preferred embodiment, thehost 100 transmits a “prepare-next-key” command, before it transmits the encrypted next-key start 121, to cause thetrigger signal 221, thereby providing additional preparation time for thedevice 200 to generate the new-key 251. Thedevice 200 includes asimilar counter 230 andkey generator 240 as in thehost 100 to generate the same new-key as in the host 100 (351, 451 in FIG. 3) based on a hash of the secure keys and the index (441 in FIG. 3) provided by thecounter 230. - The USB protocol allows for an isosynchronous communication mode, wherein the application using this mode is assured a minimal bandwidth. In accordance with this invention, the scheduled next-key-
start 111 corresponds to a future frame sequence number. Thesequence controller 160 andkey selector 150 are configured to provide the new-key 141 as the scheduledkey 151 such that theencrypted content 191 that is encoded by the prior key is completely transmitted before the scheduled frame number, and theencrypted content 191 that is encrypted by this new-key 141 is transmitted by theUSB transmitter 170 at or after the scheduled frame number. Thedecrypter 220 in thedevice 200 provides this next-key-start parameter 111′ to thekey selector 250. TheUSB receiver 270 communicates eachframe sequence number 271 to thekey selector 250. When thesequence number 271 equals or exceeds the next-key-start parameter 111′, thekey selector 250 provides the new-key 251 as the scheduled key 151′. Thedecrypter 290 decrypts theencrypted content material 191 based on the scheduled key 151′ to produce the decryptedcontent material 180′, corresponding (if the secure keys correspond) to the transmittedcontent material 180. - The foregoing merely illustrates the principles of the invention. It will thus be appreciated that those skilled in the art will be able to devise various arrangements which, although not explicitly described or shown herein, embody the principles of the invention and are thus within its spirit and scope. For example, to minimize the complexity of the embodiment, the
host 100 anddevice 200 can be configured to utilize a new key with each USB frame, or at a predetermined interval of USB frames, obviating the need to communicate a next-key start parameter 111 from thehost 100 to thedevice 200. Independently, or in combination with this periodic key-change, theUSB frame number 161 can be utilized directly as theindex key 141, 241. These and other system configuration and optimization features will be evident to one of ordinary skill in the art in view of this disclosure, and are included within the scope of the following claims.
Claims (17)
1. A method for communicating content material from a transmitter comprising:
determining a first session key, a second session key, and a scheduled start sequence number associated with the second session key,
encrypting a first portion of the content material based on the first session key to form a first sequence of encrypted content material for communication to a receiver before the scheduled start sequence number associated with the second session key,
communicating the scheduled start sequence number associated with the second session key to the receiver, and
encrypting a second portion of the content material based on the second session key to form a second sequence of encrypted content material for communication to the receiver at and after the scheduled start sequence number associated with the second session key.
2. The method of claim 1 , further including:
receiving a key from the intended receiver, and wherein
determining the first session key and the second session key is based upon the key that is received from the intended receiver.
3. The method of claim 2 , wherein
determining the first session key and the second session key is based upon a Needham-Schroeder public key exchange protocol.
4. The method of claim 1 , wherein
the first session key corresponds to a first hash value that is based on a host key that is associated with the transmitter, a device key that is associated with the receiver, and a first index value, and
the second session key corresponds to a second hash value that is based on the host key, the device key, and a second index value.
5. The method of claim 4 , wherein
the first hash value and the second hash value are further based on a second host key and a second device key.
6. The method of claim 1 , wherein
the first sequence and second sequence of encrypted content material comprise sequences of frames that are communicated in accordance with a Universal Serial Bus (USB) protocol, and
the scheduled start sequence number corresponds to a USB frame number.
7. An encryption system that is configured to encrypt content material to provide encrypted content material for transmission to a decryption system comprising:
an encrypter that is configured to:
encrypt a first portion of the content material based on a first session key to form a first encrypted sequence,
encrypt a second portion of the content material based on a second session key to form a second encrypted sequence having a starting sequence number, and
a transmitter that is configured to
transmit the starting sequence number, the first encrypted sequence, and the second encrypted sequence to the decryption system.
8. The encryption system of claim 7 , further including:
a key generator that is configured to provide the first session key and the second session key based on at least one key that is intended to be known to the encryption system and the decryption system only.
9. The encryption system of claim 8 , wherein
the at least one key that is intended to be known to the encryption system and the decryption system only is communicated between the encryption system and the decryption system via a Needham-Schroeder key-exchange algorithm.
10. The encryption system of claim 8 , wherein
the key generator is further configured to provide:
the first session key based on a hash of the at least one key and a first index value, and
the second session key based on the hash of the at least one key and a second index value.
11. The encryption system of claim 7 , wherein
the transmitter is further configured to transmit the starting sequence number, the first encrypted sequence, and the second encrypted sequence based on a Universal Serial Bus (USB) protocol, and
the starting sequence number corresponds to a USB frame number.
12. The encryption system of claim 7 , wherein
the transmitter is further configured to transmit the starting sequence number as an encrypted starting sequence number.
13. A decryption system comprising
a receiver that is configured to receive encrypted content material and a starting sequence number from an encryption system, and
a decrypted that is configured to
decrypt a first sequence of the encrypted content material before the starting sequence number based on a first session key, and
decrypt a second sequence of the encrypted content material at and after the starting sequence number based on a second session key.
14. The decryption system of claim 13 , further including:
a key generator that is configured to provide the first session key and the second session key based on at least one key that is intended to be known to the encryption system and the decryption system only.
15. The encryption system of claim 14 , wherein
the at least one key that is intended to be known to the encryption system and the decryption system only is communicated between the encryption system and the decryption system via a Needham-Schroeder key-exchange algorithm.
16. The encryption system of claim 14 , wherein
the key generator is further configured to provide:
the first session key based on a hash of the at least one key and a first index value, and
the second session key based on the hash of the at least one key and a second index value.
17. The encryption system of claim 13 , wherein
the receiver is further configured to receive the starting sequence number and the encrypted content material based on a Universal Serial Bus (USB) protocol, and
the starting sequence number corresponds to a USB frame number.
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/952,924 US20030053629A1 (en) | 2001-09-14 | 2001-09-14 | USB authentication interface |
EP02765255A EP1430638A2 (en) | 2001-09-14 | 2002-09-13 | Usb authentication interface |
PCT/IB2002/003792 WO2003026198A2 (en) | 2001-09-14 | 2002-09-13 | Usb authentication interface |
CNA028178815A CN1554164A (en) | 2001-09-14 | 2002-09-13 | USB authentication interface |
JP2003529687A JP2005503717A (en) | 2001-09-14 | 2002-09-13 | USB authentication interface |
KR10-2004-7003720A KR20040031083A (en) | 2001-09-14 | 2002-09-13 | USB authentication interface |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/952,924 US20030053629A1 (en) | 2001-09-14 | 2001-09-14 | USB authentication interface |
Publications (1)
Publication Number | Publication Date |
---|---|
US20030053629A1 true US20030053629A1 (en) | 2003-03-20 |
Family
ID=25493360
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/952,924 Abandoned US20030053629A1 (en) | 2001-09-14 | 2001-09-14 | USB authentication interface |
Country Status (6)
Country | Link |
---|---|
US (1) | US20030053629A1 (en) |
EP (1) | EP1430638A2 (en) |
JP (1) | JP2005503717A (en) |
KR (1) | KR20040031083A (en) |
CN (1) | CN1554164A (en) |
WO (1) | WO2003026198A2 (en) |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050154896A1 (en) * | 2003-09-22 | 2005-07-14 | Mathias Widman | Data communication security arrangement and method |
US20060101288A1 (en) * | 2002-10-31 | 2006-05-11 | Bernard Smeets | Secure implementation and utilization of device-specific security data |
US20060104440A1 (en) * | 2002-10-30 | 2006-05-18 | Alain Durand | Simplified method for renewing symmetrical keys in a digital network |
US20070198856A1 (en) * | 2000-01-06 | 2007-08-23 | Super Talent Electronics Inc. | Secure Flash-Memory Card Reader with Host-Encrypted Data on a Flash-Controller-Mastered Bus Parallel to a Local CPU Bus Carrying Encrypted Hashed Password and User ID |
US20090070586A1 (en) * | 2006-02-09 | 2009-03-12 | Wolfgang Bucker | Method, Device and Computer Program Product for the Encoded Transmission of Media Data Between the Media Server and the Subscriber Terminal |
WO2009146729A1 (en) * | 2008-06-06 | 2009-12-10 | Telefonaktiebolaget Lm Ericsson (Publ) | Cryptographic key generation |
US20120159173A1 (en) * | 2010-12-21 | 2012-06-21 | General Instrument Corporation | Service key delivery system |
EP2633464A1 (en) * | 2010-10-29 | 2013-09-04 | Nokia Corp. | Software authentication |
US9251381B1 (en) * | 2006-06-27 | 2016-02-02 | Western Digital Technologies, Inc. | Solid-state storage subsystem security solution |
GB2530258A (en) * | 2014-09-15 | 2016-03-23 | Mastercard International Inc | Authentication of communications |
DE102015209368A1 (en) * | 2015-05-21 | 2016-11-24 | Siemens Aktiengesellschaft | Derive a cryptographic key of a predefined key generation |
US10248578B2 (en) | 2002-06-28 | 2019-04-02 | Microsoft Technology Licensing, Llc | Methods and systems for protecting data in USB systems |
US20190294764A1 (en) * | 2018-03-21 | 2019-09-26 | Elitegroup Computer Systems Co.,Ltd. | Method for remotely authorizing login to a computer system |
US10873460B2 (en) * | 2015-12-10 | 2020-12-22 | SZ DJI Technology Co., Ltd. | UAV authentication method and system |
US20230319026A1 (en) * | 2022-03-31 | 2023-10-05 | Lenovo (United States) Inc. | Adding devices to a network via a zero-knowledge protocol |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1690365A1 (en) * | 2003-10-16 | 2006-08-16 | Matsushita Electric Industrial Co., Ltd. | Encrypted communication system and communication device |
CN101102552B (en) * | 2007-08-16 | 2012-12-19 | 中兴通讯股份有限公司 | Update method and system for service secret key |
CN101616148B (en) * | 2009-07-31 | 2013-04-24 | 北京握奇数据系统有限公司 | Internet transaction identity authentication method and device |
CN102438240B (en) * | 2011-12-13 | 2015-04-29 | 西安交通大学 | Smart grid wireless communication encryption method based on dynamic key |
KR101959738B1 (en) | 2012-05-24 | 2019-03-19 | 삼성전자 주식회사 | Apparatus for generating secure key using device ID and user authentication information |
US9202041B2 (en) * | 2013-02-07 | 2015-12-01 | Fairchild Semiconductor Corporation | Permanent lockout attack detection |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5216715A (en) * | 1989-06-16 | 1993-06-01 | Siemens Aktiengesellschaft | Key distribution in public communication networks taking account of security gradations |
US5515439A (en) * | 1993-12-03 | 1996-05-07 | International Business Machines Corporation | Exchange certificate for one way validation of information |
US5659615A (en) * | 1994-11-14 | 1997-08-19 | Hughes Electronics | Secure satellite receive-only local area network with address filter |
US5805705A (en) * | 1996-01-29 | 1998-09-08 | International Business Machines Corporation | Synchronization of encryption/decryption keys in a data communication network |
US5958020A (en) * | 1997-10-29 | 1999-09-28 | Vlsi Technology, Inc. | Real time event determination in a universal serial bus system |
US20010007127A1 (en) * | 1999-12-10 | 2001-07-05 | Staring Antonius A.M. | Synchronization of session keys |
US6550011B1 (en) * | 1998-08-05 | 2003-04-15 | Hewlett Packard Development Company, L.P. | Media content protection utilizing public key cryptography |
US6804453B1 (en) * | 1999-05-13 | 2004-10-12 | Hitachi, Ltd. | Digital signal recording/reproducing apparatus |
US6842611B2 (en) * | 2000-04-06 | 2005-01-11 | Samsung Electronics Co., Ltd. | Received data processing method in communication device for supporting bluetooth wireless communication |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100290729B1 (en) * | 1998-01-07 | 2001-05-15 | 클라크 3세 존 엠. | Apparatus and method of transmitting and receiving usb isochronous data |
US6636968B1 (en) * | 1999-03-25 | 2003-10-21 | Koninklijke Philips Electronics N.V. | Multi-node encryption and key delivery |
EP1104213A3 (en) * | 1999-11-29 | 2003-05-21 | Philips Intellectual Property & Standards GmbH | Wireless network with key change procedure |
US7242772B1 (en) * | 2000-09-07 | 2007-07-10 | Eastman Kodak Company | Encryption apparatus and method for synchronizing multiple encryption keys with a data stream |
-
2001
- 2001-09-14 US US09/952,924 patent/US20030053629A1/en not_active Abandoned
-
2002
- 2002-09-13 JP JP2003529687A patent/JP2005503717A/en not_active Withdrawn
- 2002-09-13 CN CNA028178815A patent/CN1554164A/en active Pending
- 2002-09-13 EP EP02765255A patent/EP1430638A2/en not_active Withdrawn
- 2002-09-13 WO PCT/IB2002/003792 patent/WO2003026198A2/en not_active Application Discontinuation
- 2002-09-13 KR KR10-2004-7003720A patent/KR20040031083A/en not_active Application Discontinuation
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5216715A (en) * | 1989-06-16 | 1993-06-01 | Siemens Aktiengesellschaft | Key distribution in public communication networks taking account of security gradations |
US5515439A (en) * | 1993-12-03 | 1996-05-07 | International Business Machines Corporation | Exchange certificate for one way validation of information |
US5659615A (en) * | 1994-11-14 | 1997-08-19 | Hughes Electronics | Secure satellite receive-only local area network with address filter |
US5805705A (en) * | 1996-01-29 | 1998-09-08 | International Business Machines Corporation | Synchronization of encryption/decryption keys in a data communication network |
US5958020A (en) * | 1997-10-29 | 1999-09-28 | Vlsi Technology, Inc. | Real time event determination in a universal serial bus system |
US6550011B1 (en) * | 1998-08-05 | 2003-04-15 | Hewlett Packard Development Company, L.P. | Media content protection utilizing public key cryptography |
US6804453B1 (en) * | 1999-05-13 | 2004-10-12 | Hitachi, Ltd. | Digital signal recording/reproducing apparatus |
US20010007127A1 (en) * | 1999-12-10 | 2001-07-05 | Staring Antonius A.M. | Synchronization of session keys |
US6842611B2 (en) * | 2000-04-06 | 2005-01-11 | Samsung Electronics Co., Ltd. | Received data processing method in communication device for supporting bluetooth wireless communication |
Cited By (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070198856A1 (en) * | 2000-01-06 | 2007-08-23 | Super Talent Electronics Inc. | Secure Flash-Memory Card Reader with Host-Encrypted Data on a Flash-Controller-Mastered Bus Parallel to a Local CPU Bus Carrying Encrypted Hashed Password and User ID |
US7814337B2 (en) * | 2000-01-06 | 2010-10-12 | Super Talent Electronics, Inc. | Secure flash-memory card reader with host-encrypted data on a flash-controller-mastered bus parallel to a local CPU bus carrying encrypted hashed password and user ID |
US10248578B2 (en) | 2002-06-28 | 2019-04-02 | Microsoft Technology Licensing, Llc | Methods and systems for protecting data in USB systems |
US8369524B2 (en) * | 2002-10-30 | 2013-02-05 | Thomson Licensing | Simplified method for renewing symmetrical keys in a digital network |
US20060104440A1 (en) * | 2002-10-30 | 2006-05-18 | Alain Durand | Simplified method for renewing symmetrical keys in a digital network |
US7861097B2 (en) * | 2002-10-31 | 2010-12-28 | Telefonaktiebolaget Lm Ericsson (Publ) | Secure implementation and utilization of device-specific security data |
US20060101288A1 (en) * | 2002-10-31 | 2006-05-11 | Bernard Smeets | Secure implementation and utilization of device-specific security data |
US20050154896A1 (en) * | 2003-09-22 | 2005-07-14 | Mathias Widman | Data communication security arrangement and method |
US20090070586A1 (en) * | 2006-02-09 | 2009-03-12 | Wolfgang Bucker | Method, Device and Computer Program Product for the Encoded Transmission of Media Data Between the Media Server and the Subscriber Terminal |
US9251381B1 (en) * | 2006-06-27 | 2016-02-02 | Western Digital Technologies, Inc. | Solid-state storage subsystem security solution |
EP2528268A1 (en) * | 2008-06-06 | 2012-11-28 | Telefonaktiebolaget LM Ericsson | Cyptographic key generation |
US8340288B2 (en) | 2008-06-06 | 2012-12-25 | Telefonaktiebolaget Lm Ericsson (Publ) | Cryptographic key generation |
US9326142B2 (en) | 2008-06-06 | 2016-04-26 | Telefonaktiebolaget L M Ericsson (Publ) | Cryptographic key generation |
EP2658163A1 (en) * | 2008-06-06 | 2013-10-30 | Telefonaktiebolaget L M Ericsson (Publ) | Cryptographic key generation |
US20110091036A1 (en) * | 2008-06-06 | 2011-04-21 | Telefonaktiebolaget Lm Ericsson (Publ) | Cryptographic Key Generation |
US8953793B2 (en) | 2008-06-06 | 2015-02-10 | Telefonaktiebolaget L M Ericsson (Publ) | Cryptographic key generation |
WO2009146729A1 (en) * | 2008-06-06 | 2009-12-10 | Telefonaktiebolaget Lm Ericsson (Publ) | Cryptographic key generation |
EP2633464A1 (en) * | 2010-10-29 | 2013-09-04 | Nokia Corp. | Software authentication |
EP2633464A4 (en) * | 2010-10-29 | 2014-08-20 | Nokia Corp | Software authentication |
US20120159173A1 (en) * | 2010-12-21 | 2012-06-21 | General Instrument Corporation | Service key delivery system |
US8873760B2 (en) * | 2010-12-21 | 2014-10-28 | Motorola Mobility Llc | Service key delivery system |
GB2530258A (en) * | 2014-09-15 | 2016-03-23 | Mastercard International Inc | Authentication of communications |
DE102015209368A1 (en) * | 2015-05-21 | 2016-11-24 | Siemens Aktiengesellschaft | Derive a cryptographic key of a predefined key generation |
US10873460B2 (en) * | 2015-12-10 | 2020-12-22 | SZ DJI Technology Co., Ltd. | UAV authentication method and system |
US20190294764A1 (en) * | 2018-03-21 | 2019-09-26 | Elitegroup Computer Systems Co.,Ltd. | Method for remotely authorizing login to a computer system |
US20230319026A1 (en) * | 2022-03-31 | 2023-10-05 | Lenovo (United States) Inc. | Adding devices to a network via a zero-knowledge protocol |
Also Published As
Publication number | Publication date |
---|---|
JP2005503717A (en) | 2005-02-03 |
EP1430638A2 (en) | 2004-06-23 |
KR20040031083A (en) | 2004-04-09 |
WO2003026198A3 (en) | 2003-10-23 |
CN1554164A (en) | 2004-12-08 |
WO2003026198A2 (en) | 2003-03-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20030053629A1 (en) | USB authentication interface | |
US7813512B2 (en) | Encrypted communication system and communication device | |
US6542610B2 (en) | Content protection for digital transmission systems | |
JP4714402B2 (en) | Secure transmission of digital data from an information source to a receiver | |
KR101366243B1 (en) | Method for transmitting data through authenticating and apparatus therefor | |
US20030123667A1 (en) | Method for encryption key generation | |
EP1271875A1 (en) | Device arranged for exchanging data, and method of manufacturing | |
EP2461564A1 (en) | Key transport protocol | |
MXPA06010776A (en) | Authentication between device and portable storage. | |
US7860254B2 (en) | Computer system security via dynamic encryption | |
US7506376B2 (en) | Copy protection method for digital media | |
JP2006527955A (en) | Improved safety-certified channel | |
EP1120934B1 (en) | Method and apparatus for key distribution using a key base | |
JP4379031B2 (en) | Information transmission method and information transmitting apparatus and information receiving apparatus used therefor | |
KR20070096023A (en) | Secure host interface | |
EP1145243A2 (en) | Copy protection by message encryption | |
US6940977B1 (en) | Digital video and audio data encryption, decryption and system authentication | |
JP2000295208A (en) | Contents transfer/storage method, its device and program recording medium | |
WO2007043014A1 (en) | Method of encrypted communication using a keystream | |
US7327845B1 (en) | Transmission of encrypted messages between a transmitter and a receiver utilizing a one-time cryptographic pad | |
KR100763464B1 (en) | Method of exchanging secret key for secured communication | |
JP2008259042A (en) | Information protection system | |
JP3931497B2 (en) | Information transfer system | |
CN117728935A (en) | Method and system for issuing digital certificate | |
KR20120082761A (en) | Method for protecting the digital contents between player and cartridges |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: KONINKLIJKE PHILIPS ELECTRONICS N.V., NETHERLANDS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:KNAPEN, GEERT ARNOLD;REEL/FRAME:012181/0125 Effective date: 20010914 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |